Meta

Month: June 2014

We’re all familiar with the possibility of data security breaches. Web sites get hacked, passwords get compromised, laptops get stolen. To mitigate these risks, we (try to) use strong passwords, keep our computers under lock and key, and encrypt our personal data. But what about our phones? They are increasingly relied on as mini-computers in our pockets, replete with email accounts, banking apps, and sensitive Dropbox files. Many apps store usernames and passwords in plain text.

What happens if your phone gets stolen? Many people don’t have any security or lock screen enabled at all. Others simply use a pattern or short PIN that is easily cracked in minutes. Android offers encryption, but it’s turned off by default. It’s also very inconvenient. To be effective, encryption requires a strong password, and Android (4.x) requires that you enter this password to unlock your phone when it boots-up, and also every time you unlock the screen.

The problem is that once you encrypt your phone, Android (again, versions 4.x – maybe this will change in a future release!) disables the ability to lock/unlock it with a pattern (annoyingly) or with a different, shorter PIN (perhaps understandably). Having to type in a long password every time you want to use your phone makes this is a non-starter for most users.

Ideally, we would enter a strong password to unlock and decrypt the phone at boot-up, and then use a simpler, user-friendly security mechanism (such as a pattern) to unlock the phone throughout the day. This would balance the benefits of strong-password encryption with the practicalities of making the phone accessible throughout the day.